<?php
require_once('../db/config.php');
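// Harden the session before it starts: strict mode makes PHP refuse session IDs
// it did not issue itself (limits session fixation), and HttpOnly keeps the
// session cookie out of reach of page scripts.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();
// NOTE(review): $config and the db class are not defined in this file;
// presumably both come from ../db/config.php - confirm.
$db = new db($config);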

?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
        <link href="../css/bootstrap.min.css" rel="stylesheet">
        <script src="../js/jquery-2.0.js"></script>
        <title>用户登录</title>
        <style>
            .tab {
                width: 35%;
                margin: 100px auto;
                border: 1px #0033FF solid;
                padding-top: 20px;
                padding-left: 30px;
                background-color: #33F;
                height: 330px;
                text-align: center;
                font-size: 16px;
                color: #FFF;

            }

            body {
                background: #CCC;
            }
        </style>
    </head>
    <body>
    <div class="tab">
        <form method="post" action="" class="form-horizontal" role="form">
            <label><h2>用户登录2</h2></label>
            <div class="form-group">
                <label for="user" class="col-sm-3 control-label">用户名:</label>
                <div class="col-sm-7">
                    <input type="text" title="请输入用户名" name="user" class="form-control" id="user"
                           placeholder="请输入用户名">
                </div>
            </div>
            <div class="form-group">
                <label for="pw" class="col-sm-3 control-label">密码:</label>
                <div class="col-sm-7">
                    <input type="password" name="pw" title="请输入密码" class="form-control" id="pw"
                           placeholder="请输入密码">
                </div>
            </div>
            <div class="form-group">
                <label for="code" class="col-sm-3 control-label">验证码:</label>
                <div class="col-sm-4">
                    <input type="text" class="form-control" name='code' title="请输入验证码" id="code"
                           placeholder="请输入验证码">
                </div>
                <div class="col-sm-3">
                    <img src="check.php" style="cursor:pointer" title="点击刷新验证码"
                         onclick="this.src='check.php?rnd=' + Math.random();"/>
                </div>
            </div>
            <div class="form-group">
                <div class="col-sm-offset-2 col-sm-6">
                </div>
            </div>

            <div class="form-group">
                <div class="col-sm-offset-2 col-sm-7">
                    <input type="submit" name='submit' value='登录' class="btn btn-primary btn-lg btn-block">
                </div>
            </div>
        </form>
    </div>
    </body>
    </html>
<?php
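// Login handler. Runs only when the form above was submitted. Every failed
// check emits a JavaScript alert and stops the script with `return false`;
// on success the user name is stored in the session and the browser is sent
// to ../index.php.
if (isset($_POST['submit'])) {
    // Reject missing or array-valued parameters (e.g. user[]=x) before they
    // reach inject_check() or get interpolated into the WHERE clause.
    $user = isset($_POST['user']) ? $_POST['user'] : null;
    if (!is_string($user) || $db->inject_check($user)) {
        echo "<script type='text/javascript'>alert('用户名非法');</script>";
        return false;
    }

    $rawPw = isset($_POST['pw']) ? $_POST['pw'] : null;
    if (!is_string($rawPw) || $db->inject_check($rawPw)) {
        echo "<script type='text/javascript'>alert('密码非法');</script>";
        return false;
    }
    // SECURITY(review): MD5 with a fixed suffix is a fast, unsalted-per-user hash
    // and is not suitable for password storage. Moving to password_hash() /
    // password_verify() needs a change to the stored values, so it is only
    // flagged here, not changed.
    $pw = md5($rawPw . '_php');

    // The expected CAPTCHA value is read once and then discarded, so a solved
    // code cannot be replayed across many login attempts. Both sides must be
    // non-empty strings: previously a request without a `code` field in a
    // session that had no stored code compared null with null and passed.
    // NOTE(review): $_SESSION['code'] is presumably written by check.php - confirm.
    $code = isset($_POST['code']) ? $_POST['code'] : null;
    $expected = isset($_SESSION['code']) ? $_SESSION['code'] : null;
    unset($_SESSION['code']);
    if (!is_string($code) || $code === '' || !is_string($expected) || $code !== $expected) {
        echo '<script type="text/javascript">alert("验证码错误");</script>';
        return false;
    }

    // SECURITY(review): this WHERE clause is built by string interpolation, so
    // the only barrier against SQL injection through $user is inject_check(),
    // whose rules are not visible in this file. $pw is an MD5 hex digest and
    // cannot carry quotes. Switch to a parameterized query as soon as the db
    // class offers one.
    $row = $db->countbyWhere('user', "user='$user' and pw='$pw'");
    // Loose comparison on purpose: a false/null result is also treated as
    // "no match", so the login fails closed.
    if ($row == 0) {
        echo '<script type="text/javascript">alert("用户名或密码错误");</script>';
        return false;
    }

    // The page markup above has already been echoed by the time this runs, so
    // headers can only still be sent when output buffering is active.
    // NOTE(review): moving this handler above the markup would make the session
    // rotation and the redirect reliable without depending on buffering.
    $canSendHeaders = !headers_sent();
    if ($canSendHeaders) {
        // Issue a fresh session ID at the privilege change so an ID planted
        // before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    if ($canSendHeaders) {
        header("Location:../index.php");
    } else {
        // header() would fail with "headers already sent"; redirect client-side.
        echo '<script type="text/javascript">window.location.href="../index.php";</script>';
    }
}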
?>
